I'm looking for a way to check that a remote process has administrator privileges from my (fully managed) code. It's safe to assume that my code will be run with admin
I have created a Process.Extensions.dll extension using the solution offered by Anders:
https://stackoverflow.com/a/53460693/3855622
To check if a process was started by a user from the Administrators group, you should use the way described by Anders. To check the integrity level on Vista or Windows 7, use GetTokenInformation, specifying the TokenIntegrityLevel token class, to get the TOKEN_MANDATORY_LABEL struct, which contains the SID associated with the mandatory integrity level of the token.
OpenProcess(PROCESS_QUERY_[LIMITED_]INFORMATION) + OpenProcessToken(TOKEN_DUPLICATE) to get the token, then DuplicateTokenEx(TOKEN_QUERY,SecurityImpersonation,TokenImpersonation) to get the impersonation token, then pass that token and the SID from CreateWellKnownSid(WinBuiltinAdministratorsSid) to CheckTokenMembership.
To be able to open (almost) every process for PROCESS_QUERY_INFORMATION access you need to be running as administrator and with debug privileges. On Vista and later you can use PROCESS_QUERY_LIMITED_INFORMATION.
Example code available in this answer.
You could use GetTokenInformation or IsUserAnAdmin API calls.